Kaloyan Slavov
Bounding the rank and determining the torsion of elliptic curves
Kaloyan Slavov
Final project for Math 129 Spring 2005
Abstract We present a proof of the weak Mordell–Weil theorem that will enable us to explicitly bound the rank of certain classes of elliptic curves. We also discuss the Lutz–Nagel algorithm for determining the torsion subgroup. Finally, we determine the torsion subgroup of two special classes of elliptic curves. We follow [4] and [6].
1 Introduction.
That the group E(Q) of rational point on an elliptic curve is finitely generated was conjectured by Poincar`ein 1901 and proved by Mordell in 1922. Previous approaches to Diophantine equations were regarded by Poincar`e,Hilbert, and others, as based on tricks rather than as a systematic theory ([5]). In Section 1., we present a proof of the weak Mordell–Weil theorem, that the group E(Q)/2E(Q) is finite, by exhibiting an explicit injective homo- morphism E(Q)/2E(Q) → Q∗/(Q∗)2 × Q∗/(Q∗)2 (in the case when there are four points of order dividing two) whose image is finite. To prove injectiv- ity, we will need a characterization of the group 2E(Q), which will be the first theorem in the section. To prove finiteness of the image, we will use
1 divisibility properties in Z in the case when E(Q) has four elements of order dividing 2. In the general case, we will replace Z by a suitable ring R that is a principal ideal domain and whose group of units is finitely generated. Then the proof of the Mordell–Weil theorem can be finished easily by using “height” functions. This method is called “descent” because it gen- eralizes Fermat’s method of proving that the equation x4 + y4 = z2 has no nontrivial solutions (which involves considering a solution and then obtaining a “smaller” one). In fact, Fermat’s construction of a “smaller” solution is analogous to the construction of a point on the elliptic curve that is “simpler” arithmetically in the sense that it has a smaller height (for a more detailed discussion of the descent method, see [4], [6], [3], [5]). In Section 2, we discuss the problem of determining the rank of an elliptic curve. We apply the previous injective homomorphism to find a bound on the rank in general. Then we examine more carefully the image of the homomor- phism from before to further refine the rank. Yet more careful analysis of the possible image (using the theory of quadratic residues) will enable us to show that each curve in a certain class has rank 0, and to refine the bounds on the curves from another class. In general, the problem of computing the rank of an elliptic curve is extremely hard. For example, it is not known whether there are elliptic curves of arbitrarily large rank (the “folklore conjecture”). A curve of rank at least 24 was found in 2000 ([7]). John Cremona’s program “mwrank” computes the ranks of elliptic curves (using the descent method), but no algorithm is known for computing the rank that can be proved to always terminate, for any elliptic curve E. In Section 3., we first discuss the Lutz–Nagel theorem, which provides us with a simple algorithm for computing the torsion subgroup. Then, assuming the fact that the torsion subgroup injects into the group of points on Ep for p a prime of good reduction (this fact is also used in the Doud’s algorithm which computes the torsion subgroup much more efficiently), we apply Dirichlet’s theorem for the primes in an arithmetic progression to compute the torsion subgroups for two general classes of curves. Finally, in Section 4., we use the results obtained before to study the classical problem of congruent numbers.
2 Proof of the weak Mordell-Weil theorem.
Theorem 1. Let E : y2 = (x − α)(x − β)(x − γ)
2 be an elliptic curve over a field K of characteristic 0, with α, β, γ ∈ K. Then a point (x2, y2) ∈ E(K) belongs to 2E(K) if and only if
x2 − α, x2 − β, x2 − γ are squares in K.
Proof. First, assume that (x2, y2) = 2(x1, y1) for some (x1, y1) ∈ E(K) (then x1 ∈/ {α, β, γ} because (x2, y2) 6= O). If y = mx + b is the line tangent to E at x1, then by the definition of addition in E(K), we have
2 2 (x − α)(x − β)(x − γ) − (mx + b) = (x − x1) (x − x2).
mα+b 2 Set x = α to conclude that x2 − α = ( ) is a square in K, and similarly α−x1 for x2 − β and x2 − γ. For the other direction, assume without loss of generality that x2 = 0 (we can make a change of variable x 7→ x − x2, which just translates the curve), and −α = a2, −β = b2, −γ = c2 (with a, b, c ∈ K). We can adjust the signs of a, b, c so that abc = −y2. We have to produce (x1, y1) so that if y = mx−y2 2 is the tangent line to the curve at x1, then (x−α)(x−β)(x−γ)−(mx−y2) = 2 (x − x1) x. We claim that it suffices to find m ∈ K such that
(x − α)(x − β)(x − γ) − (mx − y )2 2 = (x − x )2 (1) x 1 for some x1. Indeed, in such a case, (x1, mx1 − y2) ∈ E(K); since x1 is a double root of the left hand side of (1), the tangent line to E at (x1, y1) (where y1 = mx1 − y2) indeed has the form y = mx + b, and necessarily b = −y2 because it has to pass through (0, −y1). Then, by definition, 2(x1, y1) = (0, −(m.0 − y2)) = (0, y2). 3 2 2 Write (x − α)(x − β)(x − γ) = x + rx + sx + y2; then (1) will follow if 2 2 the equation x + (r − m )x + (s + 2my2) has a double root, or, equivalently, 2 2 discriminant 0. However, one can check that (m − r) = 4(s + 2my2) is equivalent to (m2 − r − 2α)2 = 4(am − bc)2. So, it suffices to find a solution of m2 − α + β + γ = 2(am − bc), and the last equation is (m − a)2 = (b − c)2, which indeed has a solution for m in K.
Proposition 2. Let
E : y2 = (x − α)(x − β)(x − γ)
3 be an elliptic curve over Q with α, β, γ ∈ Z. Then the map
ϕ : E(Q) −→ Q∗/(Q∗)2 given by 1, if P = O ϕ(P ) = (α − β)(α − γ), if P = (α, 0) x − α, if P = (x, y), x 6= α, P 6= O is a group homomorphism. Proof. Notice that given a point P ∈ E(Q), the first coordinate of −P is the same as the one of P, hence ϕ(−P ) = ϕ(P ). Also, ϕ(P )2 = 1, hence −1 ϕ(P ) = ϕ(P ). Thus, to check that P1 + P2 = P3 implies ϕ(P1)ϕ(P2) = ∗ 2 ϕ(P3) is to check that P1 + P2 + P3 = O implies ϕ(P1)ϕ(P2)ϕ(P3) = (Q ) . So, let P1 + P2 + P3 = O. If P1 = O, then ϕ(P2) = ϕ(P3) and the conclusion follows. Assume P1,P2,P3 6= O,Pi = (xi, yi). Then P1,P2,P3 lie on a line y = mx + b (where m, b ∈ Q) and
2 (x − α)(x − β)(x − γ) − (mx + b) = (x − x1)(x − x2)(x − x3). (2)
If xi 6= α for any i, then we set x = α to deduce (x1 −α)(x2 −α)(x3 −α) = 2 2 ∗ 2 ∗ 2 (mα + b) , hence ϕ(P1)ϕ(P2)ϕ(P3) = (mα + b) (Q ) = (Q ) , as desired. If (x1, y1) = (α, 0), then x2, x3 6= α (since we assume P2,P3 6= O). Then (2) implies that x − α divides the polynomial (mx + b)2, so mx + b = m(x − α). 2 Substituting it in (2) yields (x−β)(x−γ)−m (x−α) = (x−x2)(x−x3) after cancellation by (x−α). Set x = α to conclude (α−β)(α−γ) = (α−x2)(α−x3). 2 In other words, ϕ(P1) = ϕ(P2)ϕ(P3), hence ϕ(P1)ϕ(P2)ϕ(P3) = ϕ(P1) = (Q∗)2, as desired.
2 ∗ 2 Therefore, ϕ(2P ) = ϕ(P ) = (Q ) , hence ϕ = ϕα induces a group homomorphism ∗ ∗ 2 ϕα : E(Q)/2E(Q) −→ Q /(Q ) . Similarly, we have a group homomorphism
∗ ∗ 2 ϕβ : E(Q)/2E(Q) −→ Q /(Q ) given by 1, if P = O ϕβ(P ) = (β − α)(β − γ), if P = (β, 0) x − β, if P = (x, y), x 6= β, P 6= O.
4 Proposition 3. The map
∗ ∗ 2 ∗ ∗ 2 ϕα × ϕβ : E(Q)/2E(Q) −→ Q /(Q ) × Q /(Q ) (3) is injective.
∗ 2 ∗ 2 Proof. Let ϕα(P ) = (Q ) , ϕβ(P ) = (Q ) , where P = (x2, y2). If x2 6= α, x2 6= β, then the condition is that x2 − α and x2 − β are squares in Q, 2 hence (x2 −α)(x2 −β)(x2 −γ) = y2 implies that x2 −γ is a square, too. Thus, Theorem 1 implies that (x2, y2) ∈ 2E(Q). If x2 = α, then the definitions of ϕα and ϕβ yield that (α − β)(α − γ) and (α − β) are squares in Q. But then (α − γ) is a square, and since so is α − α = 0. We have that the numbers x2 − α, x2 − β, x2 − γ are all squares, hence Theorem 1 again implies that P ∈ 2E(Q). We write M ∗ ∗ 2 a1 a2 Q /(Q ) = {²2 3 ... | ² ∈ {±1}, ai ∈ {0, 1}, almost all ai = 0} = Z/2Z. ±,p–prime
Proposition 4. If E is as in Proposition 2 (i.e., α, β, γ ∈ Z), and
d = (α − β)2(β − γ)2(γ − α)2 is the discriminant of the cubic defining the elliptic curve, then the image ∗ ∗ 2 of ϕα × ϕβ is contained in the subgroup of Q /(Q ) that has zeroes in all coordinates except the ones corresponding to ±1 and primes p|d.
Proof. For a prime p and s ∈ Q∗, we say that pk||s is s = pks0, where p is coprime to both the numerator and denominator of s0 when written in lowest terms. Let p - d (i.e., p - (α − β)(β − γ)(γ − α)) be a prime number, and let (x, y) ∈ E(Q)−{O}. If x ∈ {α, β, γ}, then ϕα(x, y) and ϕβ(x, y) are products of (α − β), (β − γ), and (γ − α), so neither of them is divisible by p. Assume from now on that x∈ / {α, β, γ}. If a, b, c are the integers satisfying pa||(x−α), pb||(x − β), pc||(x − γ), then the fact that (x − α)(x − β)(x − γ) = y2 ∈ Q∗ implies that a + b + c ≡ 0 (mod 2). Assume first that a = −k < 0. Then x 6= 0 (since α ∈ Z), so we can x0 0 00 −k x0−αx00 write x = x00 with gcd(x , x ) = 1. Since p || x00 , it follows first that pk|x00, but then p - x0, hence pk||x00. Next, it follows that p−k||(x − β) and
5 −k p ||(x − γ), so a = b = c, hence each of a, b, c is even. But (ϕα × ϕβ)(x, y) = (x − α)(x − β), and since a + b is even, the coordinate corresponding to p in Q∗/(Q∗)2 × Q∗/(Q∗)2 is indeed (0, 0). a a0 Now assume at least one of a, b, c, say a, is positive. Then (x−α) = p a00 , paa0+a00(α−β) and since p - (α − β), we have that x − β = (x − α) + (α − β) = a00 does not have p in its numerator, so b = 0, and analogously c = 0. Thus, a is even, so again the power of p dividing each of x − α and x − β is even, hence (x − α, x − β) has (0, 0) in its p−th coordinate in Q∗/(Q∗)2 × Q∗/(Q∗)2. This finishes the proof in the case where α, β, γ ∈ Q (since in this case, they have to be integers). In the general case, let K = Q(α, β, γ). We proved in class that it suffices to show that E(K)/2E(K) is finite. Let R, OK ⊂ R ⊂ K be a ring which is a principal ideal domain, and whose group U of units is finitely generated (we established its existence in class). The field of fractions of R is still K, so R will play the role Z has in the particular case of the theorem. Since U is a finitely generated abelian group, U/U 2 is finite, and we have as before that M K∗/(K∗)2 ' (U/U 2) × Z/2Z. P –prime in R
The proof we have given before carries over, and the existence of an injective homomorphism
E(K)/2E(K) −→ M M (U/U 2) × Z/2Z × (U/U 2) × Z/2Z . P –prime of R,P |D P –prime of R,P |D
(where again D ∈ Z is the discriminant of the cubic (x − α)(x − β)(x − γ) and divisibility is in R) finishes the proof of the weak Morderl–Weil theorem. Using “height” functions, one can deduce the Mordell-Weil theorem:
Theorem 5. If E : y2 = x3 + ax + b is an elliptic curve over Q, then the group E(Q) is finitely generated, hence
r E(Q) ' Z ⊕ E(Q)tor.
6 3 Determining the rank.
Lemma 6. Suppose |E(Q)/2E(Q)| ≤ 2l, where E : y2 = (x−α)(x−β)(x−γ) is an elliptic curve over Q with α, β, γ ∈ Z. Then the rank r of E satisfies r ≤ l − 2. Proof. The points of order dividing 2 on E (i.e., O, (α, 0), (β, 0), (γ, 0)) form a subgroup Z/2 × Z/2 ⊂ E(Q); if s is even, then Z/sZ has an element of order 2. This implies that E(Q) ' Z/2 × Z/2 × M × Zr, where M is a finite torsion group of odd order. Therefore, |E(Q)/2E(Q)| = 22+r, hence r+2 ≤ l, as desired. Given an elliptic curve E : y2 = (x−α)(x−β)(x−γ) with α, β, γ ∈ Z, we say that a prime p is fairly bad if p divides only one of α−β, β −γ, γ −α, and very bad if p divides all three of them (of course, if it divides two of them, then it divides the third one, as well).
Proposition 7. If n1 denotes the number of fairly bad primes, and n2 denotes the number of very bad primes, then there is an injective map Y E(Q)/2E(Q) −→ Z/2 × Z/2 × · · · × Z/2 × (Z/2 × Z/2), | {z } n2 copies n1 hence the rank r of E satisfies
r ≤ n1 + 2n2 − 1.
Proof. We can assume without loss of generality that α < β < γ, for if this is not the ordering of the three numbers, we can consider the product of two other homomorphisms among ϕα, ϕβ, and ϕγ, instead of ϕα × ϕβ. If P = (x, y) ∈ E(Q) − {O}, then x − α > x − β > x − γ, and since (x − α)(x − β)(x − γ) = y2 ≥ 0, necessarily x − α ≥ 0. If x∈ / {α, β, γ}, then ϕα maps (x, y) to (x − α), which is positive. If x = α, then ϕα(x, y) = (α − β)(α − γ) > 0 by the ordering. Similarly, if x = β or x = γ, then x − α > 0. Thus, the image of E(Q)/2E(Q) under ϕα × ϕβ is contained in the subgroup of elements whose ±1 coordinates correspond to 0 × Z/2. So, the first factor Z/2 × Z/2 corresponding to the ±1 coordinate in (3) can be replaced by a single Z/2. Let p be a fairly bad prime. We will show that, similarly, the factor Z/2×Z/2 corrsponding to the prime p in (3) can be replaced by a single Z/2.
7 In other words, there is a two–element subgroup M ⊂ Z/2 × Z/2 (depending on p) such that the p−th coordinate of ϕα × ϕβ(P ) is contained in M for any P ∈ E(Q). Assume that p|(α − β), hence p - (β − γ) and p - (γ − α). We will show that we can take M =< 1, 1 >= diag(Z/2 × Z/2). If p|(β − γ), a similar argument will show that we can take M = 0 × Z/2, and if p|(γ − α), we can take M = Z/2 × 0. Consider a point P = (x, y) ∈ E(Q). If x = α, then ϕα(P ) = (α − β)(α − γ), and ϕβ(P ) = (α − β), and these two rationals have the same power of p in their factorization, since p - (α − γ). Similarly, if x = β, then ϕα(P ) = β − α and ϕβ(P ) = (β − α)(β − γ), which again have the same power of p in their factorizations. Finally, x = γ yields ϕα(P ) = (γ − α) and ϕβ(P ) = (γ − β), and these two are both not divisible by p. Assume x∈ / {α, β, γ}. We can define integers a, b, c as above by pa||(x−α), pb||(x − β), pc||(x − γ). We know that a + b + c ≡ 0 (mod 2), and we have to deduce a ≡ b (mod 2) in order to conclude that indeed ϕα × ϕβ(P ) ∈ diag(Z/2 × Z/2). Here we will use the condition that p is fairly bad. If one of a, b, c is negative, we saw that a = b = c, so assume all of them are a a0 0 nonnegative. Assume first a > 0. Then x − α = p a00 with gcd(p, a ) = gcd(p, a00) = 1. If c > 0, it follows that α − γ = (α − x) + (x − γ) is divisible by p, which is a contradiction. So, c = 0, hence indeed a + b ≡ 0 (mod 2). Similarly, b > 0 implies c = 0. If c > 0, then the same reasoning yields a = 0 and b = 0, so again a ≡ b (mod 2). Finally, if a = b = c = 0, there is nothing to prove.
Proposition 8. Consider the elliptic curve
E : y2 = x3 − p2x2, where p 6= 2 is a prime number. The rank r of E satisfies
• r ≤ 2 if p ≡ 1 (mod 8)
• r = 0 if p ≡ 3 (mod 8)
• r ≤ 1 if p ≡ 5, 7 (mod 8).
Proof. Set α = −p, β = 0, γ = p. Then 2 is a fairly bad prime, while p is a very bad prime, hence we know a priori only that r ≤ 2 regardless of p.
8 We now sharpen the estimation by looking more closely at the images of ϕα, ϕβ, ϕγ. Consider a point P = (x, y) ∈ E(Q) with x∈ / {α, β, γ}. Then ϕα(P ) = 2 x + p, ϕβ(P ) = x, ϕγ(p) = x − p. Since (x + p)x(x − p) = y , we have either x + p > 0 and x < 0, x − p < 0, or x + p > 0, x < 0, x − p > 0. Since 2|(γ − α), the proof of the previous Proposition implies that ϕβ(P ) has 0 in its 2−coordinate, and since the product of the three numbers x+p, x, x−p is a square, the only possibilities for the 2−coordinate of (ϕα ×ϕβ ×ϕγ)(P ) are (0, 0, 0) and (1, 0, 1). Similarly, if the power of p dividing one of x+p, x, x−p is odd, then the power of p in precisely another one of these three numbers is odd. Thus, the possible triples for the p−coordinate of (ϕα × ϕβ × ϕγ)(P ) are (0, 0, 0), (0, 1, 1), (1, 0, 1), (1, 1, 0). We compute directly that
2 (ϕα × ϕβ × ϕγ)(α, 0) = (2p , −p, −2p), 2 (ϕα × ϕβ × ϕγ)(β, 0) = (p, −p , −p), 2 (ϕα × ϕβ × ϕγ)(γ, 0) = (2p, p, 2p ).
So, the p−coordinates of the images of (α, 0), (β, 0), (γ, 0) under ϕ = ϕα × ϕβ × ϕβ are respectively (0, 1, 1), (1, 0, 1), (1, 1, 0), hence all three nontrivial triples for the p−coordinate occur. The key idea is based on this observation. For any P = (x, y) ∈ E(Q), there is RP ∈ {O, (α, 0), (β, 0), (γ, 0)} such that ϕ(P ) and ϕ(RP ) have the same p− coordinate, so the p−th coordinate of ϕ(P + RP ) will be the triple (0, 0, 0). Consider the set–theoretic map
ϕ0 : E(Q)/2E(Q) −→ Q∗/(Q∗)2 × Q∗/(Q∗)2 × Q∗/(Q∗)2 given by
P = (x, y) 7−→ (ϕα(P + RP ), ϕβ(P + RP ), ϕγ(P + RP )).
If ϕ0(P ) = ϕ0(P 0), then P − P 0 ∈ {O, (α, 0), (β, 0), (γ, 0)}, so there are four possible preimages of each element in the target. In particular, if |im(ϕ0)| ≤ 2l, then |E(Q)/2E(Q)| ≤ 4.2l = 2l+2, so r ≤ l. Since the p−coordinate of ϕ0 is always trivial, and the possibilities for the ±−coordinate are (+, +, +), (+, −, −) while the possibilities for the 2−coordinate are (0, 0, 0), (1, 0, 1), there are at most four cases, but we can limit them fur- ther using the theory of quadratic residues. One can easily show that if there 2 2 2 is x ∈ Q with x + p = a1, x = −a2, x − p = −a3 (a1, a2, a3 ∈ Q) then p ≡ 1, 5 2 2 2 (mod 8). Also, if the situation x + p = 2a1, x = a2, x − p = 2a3, occurs, then 2 2 2 p ≡ 1, 7 (mod 8), and if x + p = 2a1, x = −a2, x − p = −2a3, then p ≡ 1 (mod 8).
9 In conclusion, if p ≡ 3 (mod 8), then only one case can occur, so |im(ϕ0)| ≤ 1 = 20, hence r = 0. If p ≡ 5 (mod 8), then the only possibilities for the ± and 2−coordinates are (+, +, +), (0, 0, 0) and (+, −, −), (0, 0, 0), hence at most 2 = 21 possibilities, hence r ≤ 1. If p ≡ 7 (mod 8), the only possibili- ties are (+, +, +), (0, 0, 0) and (+, +, +), (0, 1, 0), hence again two possibilities and so r ≤ 1.
4 Determining the torsion subgroup.
4.1 The Lutz-Nagel algorithm. Theorem 9. If E : y2 = x3 + ax2 + bx + c is an elliptic curve over Q with a, b, c ∈ Z, and if D is the discriminant of x3 + ax2 + bx + c, then any point (x, y) ∈ E(Q) of finite order has integer coordinates, and y = 0 or y|D.
Since there are finitely many y0 with y0 = 0 or y0|D, and for each y0 there 2 3 2 are finitely many rational solutions of y0 = x + ax + bx + c, which we can determine explicitly, we can compute a finite set S of rational points that contains all possible torsion points in E(Q). For each P ∈ S, we may start adding P to itself in order to determine if P is a torsion point, and if so, to determine its order. Of course, if we do not get that (#S)P = O, then P is not a torsion point. Thus, we have an algorithm whose output is the number of torsion points of any given order, which determines the torsion subgroup E(Q)tor uniquely. Of course, in practice we may simplify the computations assuming, for instance, Mazur’s theorem (according to which the torsion subgroup is either Z/mZ for 1 ≤ m ≤ 10 or Z/2Z × Z/mZ for 1 ≤ m ≤ 4). Namely, we have to examine only m ≤ 12 such that mP = O to determine the order of P. More concretely, Darrin Doud’s algorithm ([2]) is much faster than the Lutz-Nagel algorithm. First, it uses that for a prime p of good reduction, there is an injection E(Q)tor ,→ Ep(Z/pZ). Thus, by computing the order of Ep(Z/pZ) for several small values of p, we may obtain a bound b such that |Ep(Z/pZ)| divides b. Then the analysis splits into two cases depending on whether 4 divides b or not (for if 4 - b, then the torsion subgroup must be cyclic, by Mazur’s theorem) and involves looking at suitable points on E(C) and checking whether they are rational. Proof. The case y = 0 is clear, so we may consider only points with y 6= 0.
10 Fix a prime p. Consider a point (x, y) ∈ E(Q) with ordp(y) = −σ < 0, u m i.e., y = wpσ . If x = npµ , we get that
u2 m3 + am2npµ + bmn2p2µ + cn3p3µ = . w2p2σ n3p3µ If µ ≤ 0, the order of p on the RHS is greater than or equal to zero, but it has to equal −2σ, so µ > 0 and thus −2σ = −3µ. Similarly, µ > 0 implies σ > 0 and again 2σ = 3µ. In this case, µ = 2λ and σ = 3λ, so (x, y) belongs to the set
λ C(p ) = {(x, y) ∈ E(Q) | ordp(x) ≤ −2λ, ordp(y) ≤ −3λ} ∪ {O}.
Notice that
E(Q) ⊃ C(p1) ⊃ C(p2) ⊃ · · · ⊃ C(pλ) ⊃ ... and that (x, y) ∈ C(pλ) implies y 6= 0 (since the coefficients of E are integers). It suffices to show that C(p) contains no nontrivial points of finite order. Indeed, since p was arbitrary, it will follow that the denominator of any rational point of finite order is not divisible by any primes, so the point must have integer coordinates. Consider the ring R = {x ∈ Q | ordp(x) ≥ 0} obtained by turning every prime q 6= p into a unit, in which p is the only prime. For P = (x, y) ∈ E(Q) x m u with y 6= 0, define t(P ) = y . Set t(O) = 0. If x = np2λ and y = wp3λ , then x xw λ λ y = nu p , so t(x, y) ∈ p R. By the previous remarks, the converse is also true, so (x, y) ∈ C(pλ) if and only if t(x, y) ∈ plR. Thus the map t keeps track of the fact that the power of p in the denominators of x and y has the form 2λ and 3λ respectively. It can be shown by tedious computation involving the explicit formulas for the sum of two points on an elliptic curve and by 0 x 0 1 λ using the change of variables x = y , y = y that each C(p ) is a subgroup of λ E(Q) and for any P1,P2 ∈ C(p ),
3λ t(P1) + t(P2) ≡ t(P1 + P2) (mod p R). (4)
Assume for the sake of contradiction that P = (x, y) ∈ C(p) − {O} has finite order m > 1. Then y 6= 0 and there is a power of p which does not divide the denominator of y, so there is some λ with P/∈ C(pλ+1) but P ∈ C(pl).
11 If p - m, since C(p) ⊂ E(Q) is a subgroup, we have that P, 2P, ..., mP ∈ C(P ), so the congruence (4) yields
3λ 0 = t(O) = t(mP ) = t(|P + ···{z + P}) ≡ mt(P ) (mod p R), m hence mt(P ) ∈ p3λR. Since m is prime to p, the definition of R implies that t(P ) ∈ p3λR, hence P ∈ C(p3λ). This contradicts the maximality of λ with P ∈ C(pl). If p|m, write m = pk. Consider the point Q = kP ∈ C(p). The order of Q in E(Q) is p, and we can again find some largest λ with Q ∈ C(pλ) (of course, λ > 0). As in the previous case,
0 = t(O) = t(pQ) ≡ pt(Q) (mod p3λR), which shows that t(Q) ∈ p3λ−1R. This contradicts the maximality of λ be- cause 3λ − 1 > λ, and finishes the proof of the first part. To establish the divisibility statement, consider a point P = (x, y) ∈ E(Q) of finite order with y 6= 0 (we know that x, y ∈ Z). Then the order of 2P is finite, too, and 2P 6= O. Write 2P = (u, v) with u, v ∈ Z. The formula for the x−coordinate of 2P implies that µ ¶ f 0(x) 2 u = − a − 2x, 2y
³ ´2 ³ ´ f 0(x) f 0(x) 0 so 2y ∈ Z, hence 2y ∈ Z. So, y|f (x). Of course, y also divides f(x) because y2 = f(x). It is known1 that D ∈ Z[t]f(t) + Z[t]f 0(t), so plugging t = x shows that D ∈ Zf(x) + Zf 0(x). Therefore, y|D, as desired.
4.2 The torsion subgroup for two classes of curves. We will explicitly determine the torsion subgroup for two classes of curves by using the result that for a prime p not dividing the discriminant of the cubic x3 + ax2 + bx + c defining an elliptic curve E : y2 = x3 + ax2 + bx + c, there is an injection rp : E(Q)tor ,→ Ep(Z/pZ).
1See [6], p. 48 for the explicit formula.
12 Proposition 10. Consider the elliptic curve
E : y2 = x3 + Ax, where the integer A is fourth-power free. Then Z/2 ⊕ Z/2 if − A is a square, E(Q)tor = Z/4 if A = 4, Z/2 otherwise.
Proof. First we count |Ep(Z/p)| for p ≡ 3 (mod 4). For each x ∈ Z/p, we consider x3 + Ax ∈ Z/p, and notice that if it is a nonzero square in Z/p, then it has two square roots, hence it yields two solutions, and if it is not a square, it yields no solutions. For x 6= 0, if x3 + Ax 6= 0, then exactly one of x3 + Ax and −(x3 + Ax) = (−x)3 + A(−x) is a square (by quadratic residues theory, -1 is not a square). If x3 + Ax = 0, then each of x and −x induces a single solution. Thus, a pair {x, −x} induces two solutions of the equation. p−1 Therefore, counting the point at infinity, we obtain 2 2 + 1 + 1 = p + 1 elements in Ep(Z/p). We claim that |E(Q)tor| divides 4. Use Dirichlet’s theorem to find a prime p ≡ 3 (mod 8) that does not divide the discriminant of the curve. Since there is an inclusion E(Q)tor ,→ Ep(Z/p), it follows that |E(Q)tor| divides |Ep(Z/p)| = p + 1 ≡ 4 (mod 8), hence |E(Q)tor| is not divisible by 8. Choose a prime of good reduction p ≡ 7 (mod 12) and notice that |E(Q)tor| divides p+1 ≡ 8 (mod 12), hence is not divisible by 3. Finally, if q > 3 is any prime, and p ≡ 3 (mod 4q) is a prime of good reduction, then p + 1 ≡ 4 (mod 4q) is not divisible by q, hence neither is |E(Q)tor|. On the other hand, (0, 0) is an element of order 2 in E(Q). If A = 4, we have (0, 0) = 2.(2, 4) because of the formula
x4 − 2Ax2 − 8Bx + A2 x(2P ) = 4(x3 + Ax + B) for the x−coordinate of the point 2P = 2(x, y) on an elliptic curve y2 = x3 + Ax + B (here B = 0). So, the torsion subgroup is Z/4 when A = 4. If −A is a square, then x3 + Ax has three roots in Q, hence E(Q) has three elements of order 2, hence E(Q)tor = Z/2 ⊕ Z/2 in this case. Finally, if −A is not a square, it suffices to show that (0, 0) ∈/ 2E(Q) to conclude that
13 4 2 2 E(Q)tor = Z/2. Assume (0, 0) = 2(x, y); it follows that x − 2Ax + A = 0, so (x2 −A)2 = 0, thus x2 = A. But A is not divisible by the fourth power of a prime, so x is square-free. However, y2 = x3 +Ax = x(x2 +A) = x.2x2 = 2x3, which implies that x is not divisible by an odd number, so x = ±1, ±2. Then we see that x 6= ±1, so A = 4, but we already dealt with this case. Proposition 11. Consider the elliptic curve
E : y2 = x3 + B, where B ∈ Z is not divisible by a sixth power of a prime. Then Z/6, if B = 1 Z/3, if B = −2433 or B 6= 1 is a square E(Q)tor = Z/2, if B 6= 1 is a cube 0, otherwise.
Proof. We first show that |Ep(Z/p)| = p + 1 for p ≡ 2 (mod 3). Since 3 does not divide p − 1 = |(Z/p)∗|, there are no elements of order 3 in (Z/pZ)∗, so the homomorphism a 7→ a3 is injective, hence bijective. Since 0 has a unique cube root in Z/pZ, this shows that any element in Z/pZ has a unique cube root. So, each choice of y ∈ Z/pZ yields a unique x with y2 − B = x3. Therefore, counting the point at infinity, there are indeed p + 1 elements in Ep(Z/p). As in the previous Proposition, we see that 6|#E(Q)tor by using Dirich- let’s theorem (to see that 4 does not divide the order, consider p ≡ 5 (mod 12), to see that 9 does not divide the order, consider p ≡ 2 (mod 9), and to see that q > 3 does not divide the order, consider p ≡ 2 (mod 3q)). A point P = (x, y) 6= O has order 3 if and only if 2P = −P, which holds if and only if x(2P ) = x(P ) (because 2P = P implies P = O, which is assumed not to be the case). Using the formula for x(2P ), we conclude that 2P = −P is equivalent to
x4 − 8Bx = x ⇐⇒ x4 = −4Bx. 4(x3 + B)
So, x = 0 gives a point of order 3 if and only if B is a square (x = 0 yields y2 = B). The other possible solution is x such that x3 = −4B; then y2 = x3 + B = −3B. Recall that B is not divisible by sixth powers of primes,
14 hence the only possible primes that divide B are 2 and 3, and B < 0. We write B = −2a3b and see that B = −2433. Thus, E(Q) has an element of order 3 if and only if B is a square or B = −2433. We know that E(Q) has an element of order 2 if and only if x3 + B has a rational solution, which is the case if and if B is a cube. So, when B = 1, the torsion group has elements of order 2 and 3, and is, therefore, isomorphic to Z/6. If B 6= 1 is a square, then B is not a cube, since it is not divisible by sixth powers of primes, so the torsion group has an element of order 3, but not of order 2. This is also 4 3 the case when B = −2 3 , so in these two cases, E(Q)tor ' Z/3. If B 6= 1 is a cube, we have an element of order 2 but not of order 3, so the torsion group is isomorphic to Z/2, which completes the proof.
5 Application to congruent numbers.
A square–free integer n ≥ 1 is called a congruent number if one of the following three equivalent conditions is satisfied: 1. n is the area of a Pythagorean triangle with rational sides; 2. There is a rational number x such that x − n, x, x + n are all perfect squares. 3. There is a nontrivial rational point on the elliptic curve y2 = x3 − n2x.
It is easy to see that the first two conditions are equivalent because if n satisfies one of them, we can explicitly construct either the Pythagorean triple of the rational number x. Also, if x − n, x, x + n are all perfect squares, then their product is a square, hence the there is a nontrivial rational point on the elliptic curve. The last implication is nontrivial. If (x0, y0) is a nontrivial rational point on the elliptic curve, then y0 6= 0, so 2(x0, y0) = (x1, y1) and Theorem 1 implies that y1 − n, y1, y1 + n are all perfect squares, since the roots of the cubic are precisely 0, ±n. Theorem 12. A square–free positive integer n is congruent if and only if the rank r of the elliptic curve E : y2 = x3 − n2x satisfies r ≥ 1.
15 Proof. Assume first r = 0. Then E(Q) = E(Q)tor ' Z/2 ⊕ Z/2 (by Propo- sition 10), so there are no nontrivial rational points on E, hence n is not congruent. The converse is obvious. For example, n = 1 is not congruent because the cubic equation defining the elliptic curve y2 = x3 − x has as roots 0, ±1, and thus 2 is the only bad prime, which is fairly bad. Therefore, n1 = 1, n2 = 0, and so r ≤ n1 + 2n2 − 1 = 0, proving that r = 0, hence 1 is not congruent.
References
[1] Cremona, J.,
http://www.maths.nottingham.ac.uk/personal/jec/ftp/progs/mwrank.info
[2] Doud, D. “A procedure to calculate torsion of elliptic curves over Q,” Manuscripta Mathematica. 95. 1998, 463–369.
[3] Kato, K., Number Theory 1: Fermat’s Dream, 2000. American Mathe- matical Society.
[4] Knapp, A. Elliptic Curves, 1992. Princeton University Press.
[5] Li, D., “Proving Mordell-Weil: A Descent in Three Parts” (Senior The- sis, 2005).
[6] Silverman, J., Tate, J. Rational Points on Elliptic Curves, 1992. Springer–Verlag. New York Inc.
[7] Stein, W., “Lecture 27: Torsion poins on elliptic curves and Mazur’s big theorem,” Harvard University, Math 124, Fall 2001.
16